The invention relates generally to secure access systems and methods, and more particularly to biometric based access systems.
Biometric devices, such as fingerprint scanners, retinal scanners, voice recognition systems and other similar systems are used as mechanisms for providing secure access to a given system, device, software application or other secure entity. Conventional biometric devices, such as a thumbprint scanner, typically require a user to enter personal identification data (PID) and apply a thumb to a scanning area which may take the temperature of the thumb as well as the fingerprint from the thumb and match it with prestored data representing an acceptable thumbprint corresponding to a particular PID. An authenticator receives the biometric input (namely the thumbprint) and matches it with the prestored thumbprint indexed by the personal identification data also entered by the user.
FIG. 1 shows one example of a conventional biometric access device in a form of a thumb scanner wherein a thermal biometric detector 100 and a keyboard or other input device 102 allows personal identification data, such as a PIN, to serve as two factor authentication data The authenticator 104 stores a symmetric key, such as an encryption key, in a table 106 by a PIN 108 input by the keyboard. The device typically returns a stored secret key such as a symmetric key 110 to a personal computer or other device requiring a secret password 112. The two factor authenticator 104 is typically a tamper proof box to thwart device tampering attacks. For example, if an unscrupulous party wished to obtain the secret key, the unscrupulous party needs to open the authenticator device and tap into the secret key table to obtain the secret encryption key for example. Some tamper proof authenticators have self destructing devices that destroy the secret key upon potential tampering of the device. Hence tamper proof devices are typically expensive devices.
The thermal biometric access device typically monitors thumb temperature to prevent copied input attacks. Two factor authentication devices can suffer from copied input attacks such as where a thumb scanner device may accurately authenticate a thumbprint lifted from a pencil or other surface as opposed to the actual thumb of the person (originator).
Another problem arises in that with biometric input devices, variability of biometric input can result in inaccurate authentications. For example, if a user does not properly press his/her thumb in the exact required location on a thumbprint scanner, proper authentication may not result.
Conventional two factor biometric authentication devices and methods typically take the biometric input and make a pass/fail authentication decision based upon whether or not the input is a sufficiently-close match to some pre-stored representation of that user""s biometric data. Such devices typically do not correct for errors in the biometric input. Although some devices require the user to apply several applications of a thumbprint, for example to obtain an average value for a biometric input, such systems do not typically correct for errors in the biometric input.
Consequently there exists a need for a multi-factor biometric authenticator and method which does not require tamper proofing of the device. In addition, it would be advantageous if such a system would effectively deal with the variability of biometric input data without compromising security. In addition, it would be desirable if such a system would not store a secret key for ready extraction by an unscrupulous hacker. In addition, it would be advantageous if such a system would not require the storage of matching biometric data.